DETAILED ACTION

1. Claims 1-12, 14-15, 17-21 are pending. This is an RCE filed 1/14/05. 



Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-7 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Awadallah et al (6449251 B1) in view of Boden et al (6615357 B1) in further view of Stevens
(TCP/IP Illustrated).

With respect to Claim 1, the limitation: 

"a network address translating gateway for detecting datagrams having process-specific 
nontranslatable port addresses and passing said datagrams through the gateway without 
translating their port addresses, said gateway connecting a LAN to an external network, said LAN
using local IP addresses, said gateway having a local IP address that can be referenced
by devices on said LAN and having an external IP address that can be referenced by 
devices on said external network" is met by Awadallah on column 3, lines 57-59, 60-67; 
column 3, lines 48-56; and on column 4, line 1-8; and 

"a plurality of internal tables associating combinations of local IP addresses of local
devices on said LAN, external IP addresses of external devices on said external
network, source port addresses, destination port addresses, process-specific port
addresses, and maintaining a list of selected process-specific nontranslatable port
addresses to which datagrams can be passed without translating port addresses" is met by 
Awadallah on column 4, lines 30-33, column 3, lines 48-56; and column 2, lines 26-29; 
and 

"means for performing normal address translation upon datagrams passing from said 
LAN to said external network and datagrams passing from said external network to said 
LAN" is met by Awadallah on column 3, lines 61-64; and 

"means for delivering a datagram from a local device on said LAN to an external device 
on said external network by receiving a datagram from a local device on said LAN 
intended for delivery to an external device on said external network, and determining 
whether the destination port address for said datagram is included in said list of selected 
process-specific nontranslatable port addresses if said destination port address is not 
included in said list of selected process-specific port addresses, performing normal 
address translation upon said datagram and passing said datagram to said external 
network for routing and delivery to said external device" is met by Awadallah on column 3,
lines 48-56, 61-67 and column 4, lines 1-4. The attorney does not define the term
'process-specific port addresses' so the examiner makes the broadest, most reasonable
interpretation of this term as port addresses that are reserved for a specific/particular
process. Reserved port addresses meet the limitation of process-specific port addresses
because these port addresses are reserved for a particular process.
Awadallah et al does not meet the limitation of SPI values, nor does he meet the
limitation of the IP routing procedure.
The SPI-In and SPI-Out values referred to in the second limitation of Claim 1 are met
by Boden on column 1, lines 55-59. It would have been obvious to one of ordinary skill 
in the art at the time the invention was made to combine the teachings of Boden within 
the system of Awadallah because SPI values are necessary parameters in a gateway 
managed by IPSec to be able to tell multiple connections that use the same protocol apart. 
The packets having a dynamic port number are not translatable but port swapped before 
routing to the next hop router. The combination of Awadallah et al and Boden et al does 
not disclose the IP routing procedure. This is disclosed by Stevens as discussed below. 
The limitation "and if said destination port address is included in said list of selected 
process-specific nontranslatable port addresses, determining whether said destination port 
address is bound to a local IP address, and if said destination port address is bound to a 
local IP address, performing normal address translation upon said datagram and passing 
said datagram to said external network" is met by Stevens on section 3.3, page 37-38, 1st
paragraph; and

"and if said destination port address is not bound to a local IP address, passing said
datagram through said gateway without translating said port addresses of said datagram,
modifying said source IP address of said datagram to be said external IP address of said
gateway, binding said destination port address to the local IP address of said local device
and creating an association between said destination port address and the external IP
address of said external device, and passing said datagram to said external network for
routing and delivery to said external device" is met by Stevens in Section 3.3, page 37-38,
1st paragraph.

It would have been obvious to one of ordinary skill in the art at the time the invention
was made to combine the teachings of Stevens within the combination of Awadallah and
Boden to obtain the claimed invention because the IP routing procedure is a basic routing
procedure performed by a router/gateway to a host that is either within a LAN or that
needs to be reached outside of the LAN through a router/gateway.

With respect to Claim 2, all the limitations are met by the combination of Awadallah and
Stevens except that described below.

The limitation "wherein the means for delivering a datagram from a local device on said 
LAN to an external device further comprises a means for determining whether said 
datagram is encrypted and, if said datagram is encrypted, for determining whether the 
SPI of said datagram is recorded in the SPI - Out field in said internal table and, if said 
SPI is recorded in said SPI - Out field, modifying the source IP address of said datagram 
to be said external IP address of said gateway and passing said datagram to said external 
network for routing and delivery to said external device" is met inherently by Boden on 
column 1, lines 55-59 and column 3, lines 49-56. It is inherently met by Boden because 
SPI (Security Parameter Index) is an index used within IPSec to keep multiple 
connections distinct. If it were absent, two connections to the same gateway using the same
protocol could not be told apart; hence it is necessary for the correct functioning of the
gateway.

It would have been obvious to combine the teachings of Boden within the combination of 
Awadallah et al and Stevens because the usage of SPI values forms a necessary part of 



Application/Control Number: 09/518,399 Page 6

Art Unit: 2135 

the IPsec protocol for routing packets through a gateway, or else the gateway would not 
be able to tell multiple connections apart. 

With respect to Claim 3, all the limitations are met by the combination of Awadallah et al and
Stevens except the limitation described below.

The limitation "if said SPI is not recorded in said SPI - Out field of said internal table, means for
setting the SPI - In field corresponding to the local IP address of said local device equal to zero
and setting said SPI - Out field equal to said SPI, modifying said source IP address of said
datagram to be said external IP address of said gateway and passing said datagram to said
external network for routing and delivery to said external device" is met inherently by Boden on 
column 1, lines 55-59 and column 3, lines 49-56 and explained in Claim 2 rejection above. 
It would have been obvious to combine the teachings of Boden within the combination of 
Awadallah et al and Stevens because the usage of SPI values forms a necessary part of the IPsec 
protocol for routing packets through a gateway, or else the gateway would not be able to tell 
multiple connections apart. 

With respect to Claim 4, the limitation "...and if said datagram is not encrypted,
determining whether the destination port address for said datagram is included in said
list of selected process-specific port nontranslatable addresses and, if said destination
port address is not included in said list of selected process-specific nontranslatable port
addresses, performing normal address translation upon said datagram and passing said
datagram to said LAN for delivery to said local device, and if said destination port
address is included in said list of process-specific port nontranslatable addresses..." is
met by Awadallah on column 3, lines 48-56, 61-67, column 4, lines 1-4. Awadallah
does not meet the limitation involving SPI values. This is however met by Boden as
discussed below.

The limitation "wherein the network address translating gateway further comprises 
means for delivering a datagram from said external device to said local device by
receiving a datagram from said external device on said external network intended for 
delivery to said local device on said LAN, means for determining whether said datagram 
is encrypted and, if said datagram is encrypted, determining whether the datagram's SPI 
is recorded in said SPI - In field of said internal table and, if said SPI is recorded in said 
SPI - In field, modifying the destination IP address of said datagram to be said local IP 
address of said local device and passing said datagram to said LAN for routing and 
delivery to said local device, and if said SPI is not recorded in said SPI - In field of said
internal table, determining whether said SPI is not recorded in said SPI - In field 
corresponding to said IP address of said external device is equal to zero, and if said SPI 
- In field is not equal to zero, discarding said datagram, and if said SPI - In field is equal 
to zero, setting said SPI - In field equal to said SPI, modifying the destination IP address 
of said datagram to be said local IP address of said local device and passing said 
datagram to said LAN for delivery to said local device." is met by Boden on column
1, lines 55-59 and on column 3, lines 49-56. It would have been obvious to combine the
teachings of Boden within the system of Awadallah because the use of SPI values is
necessary to the correct operation of a gateway managing multiple connections.

The combination of Awadallah et al and Boden does not meet the limitation of the IP
routing description disclosed below. This limitation is met by Stevens as shown below.
The limitation "determining whether said destination port address is bound to a local IP 
address, and if said destination port address is not bound to a local IP address, 
discarding said datagram, and if said destination port address is bound to a local IP 
address, determining whether said destination port address is associated with the 
external IP address of said external device, and if said destination port address is 
associated with the external IP address of said external device, modifying said 
destination IP address of said datagram to be the bound local IP address of said local 
device, unbinding said destination port address from said local IP address, and passing 
said datagram to said LAN for delivery to said local device" is inherently met by 
Stevens on Section 3.3, page 37, 38, 1st paragraph. This is a routine process in IP
routing as inherently shown by Stevens. 
It would have been obvious to one of ordinary skill in the art to combine the teachings of 
Stevens within the combination of Awadallah et al and Boden et al because the IP routing 
procedure is a basic routing procedure performed by a router/gateway to a host that is 
either within a LAN or that needs to be reached outside of the LAN. 

With respect to Claim 5, the limitation "a timer, wherein, upon receiving a signal that a 
selected process-specific nontranslatable port address has become bound to an IP address, 
said timer will commence timing for a predetermined length of time and, upon the 
expiration of said predetermined length of time, will send a signal causing said selected 
process-specific nontranslatable port address to become unbound from said IP address,
and, upon receiving a signal indicating that said selected process-specific nontranslatable 
port address has become unbound from said IP address prior to the expiration of said 
predetermined length of time, said timer will stop timing and will reset" is met by 
Awadallah on column 6, lines 65-67, column 3, lines 48-56 and column 7, lines 1-4. The 
attorney does not define the term 'process-specific nontranslatable port addresses' so the 
examiner makes the broadest, most reasonable interpretation of this term as port 
addresses that are reserved for a specific/particular process. Reserved port addresses 
meet the limitation of process-specific port addresses because these port addresses are 
reserved for a particular process. 

With respect to Claim 6, the limitation "in which said external network is the internet" is met by 
Awadallah on column 1, lines 29-31. 

With respect to Claim 7, all the limitations are met by the combination of Awadallah and Stevens
except the limitation of the LAN being a VPN.

The limitation "in which said LAN is a virtual private network" is met by Boden on column 1,
lines 24-25. 

It would have been obvious to combine the teachings of Boden within the combination of
Awadallah and Stevens because a VPN is a common and well-known form of implementing a
LAN.

With respect to Claim 19, the limitation of "wherein said list of selected process-specific
nontranslatable port addresses to which datagrams can be passed without translating their port
addresses comprises port 500" is met by Awadallah on column 5, lines 35-52 and on column 3,
lines 48-56.

Claims 8, 10, 18, 20 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Awadallah et al (6449251 B1) in view of Stevens (TCP/IP Illustrated).

With respect to Claim 8, the limitation "maintaining a plurality of tables associating 
local IP addresses of local devices on said LAN, external IP addresses of external 
devices on said external network by passing datagrams having process-specific port 
addresses to which datagrams can be passed without translating their port addresses, port 
addresses of said local devices, port addresses of said external devices, SPI - In values, 
SPI - Out values, and process-specific port addresses, and a list of selected
process-specific port addresses" is met by Awadallah on column 2, lines 26-29, 62-64, column 3,
lines 48-56; and on column 4, lines 30-33. 

The limitation "receiving a datagram from said LAN" is met by Awadallah on column 3, 
lines 64-67 and column 4, lines 1-4. 

The limitation "determining whether the destination port address for said datagram is 
included in said list of selected process-specific port addresses and, if said destination 
port address is not included in said table of reserved port addresses, performing normal 
address translation upon said datagram and passing said datagram to said external 
network for routing and delivery to said external device" is met by Awadallah on column 
3, lines 61-67, column 4, lines 1-4. The attorney does not define the term
'process-specific port addresses' so the examiner makes the broadest, most reasonable
interpretation of this term as port addresses that are reserved for a specific/particular 
process. Reserved port addresses meet the limitation of process-specific port addresses 
because these port addresses are reserved for a particular process. 
Awadallah however does not meet the limitation disclosed below. This is however met 
by Stevens as discussed below. 

The limitation "and if said destination port address is included in said list of selected 
process-specific port addresses, determining whether said destination port address is 
bound to an IP address, and if said destination port is bound to an IP address, performing 
normal address translation upon said datagram and passing said datagram to said external 
network, and if said destination port address is not bound to an IP address, passing said 
datagram through said gateway without translating the port addresses in said datagram, 
modifying said source IP address to be said external IP address for said external device, 
binding said destination port address to the local IP address of said local device and 
creating an association between said destination port address and said external IP address 
of said external device, and passing said datagram to said external network for routing 
and delivery to said external device" is met by Stevens on Section 3.3 on page 37-38, 1st
paragraph.

It would have been obvious to one of ordinary skill in the art at the time the invention
was made to combine the teachings of Stevens within the system of Awadallah because
the IP routing procedure is a basic routing procedure performed by a router/gateway to a
host that is either within a LAN or that needs to be reached outside of the LAN.

With respect to Claim 10, the limitation is the reverse of Claim 8 and hence Claim 8
rejection stands for Claim 10. The added limitation of "...determining whether said
destination port address is associated with the external IP address of said external
device, and if said destination port address is associated with said external IP address of
said external device..." is also met by Stevens on Section 3.3, page 37, 38, 1st
paragraph. This is a routine process in IP routing as shown by Stevens.

With respect to Claim 18, the limitation "a machine readable storage, having stored 
thereon a computer program comprising a plurality of code sections executable by a 
machine and for connecting a LAN to an external network via a network address 
translating gateway, said gateway having a local IP address that can be referenced by 
devices on said LAN and having an external IP address that can be referenced by devices
on said external network, and further comprising a plurality of internal tables associating 
combinations of local IP addresses of local devices on said LAN, external IP addresses of 
external devices on said external network, source port addresses, destination port 
addresses, process-specific port addresses, and a list of selected process-specific port 
addresses, including at least port 500 for causing the machine..." is met by Awadallah et
al on column 2, lines 26-29, column 3, lines 48-56, 60-67, column 4, lines 1-8 and 30-33.
The added limitation of port 500 being used is met by Awadallah et al on column 5, lines
35-52. The attorney does not define the term 'process-specific port addresses' so the
examiner makes the broadest, most reasonable interpretation of this term as port 
addresses that are reserved for a specific/particular process. Reserved port addresses 
meet the limitation of process-specific port addresses because these port addresses are 
reserved for a particular process. 

The limitation "processing a datagram from a local device on said LAN by receiving a 
datagram from a local device on said LAN intended for delivery to an external device on 
said external network" is met by Awadallah on column 3, lines 60-67 and column 4, lines 
1-2; and 

The limitation "determining whether the destination port address for said datagram is 
included in said list of selected process-specific port addresses and determining whether 
said destination port address is bound to a local IP address on said LAN; and if said 
destination port address is not included in said list of selected process-specific port 
addresses, performing normal address translation upon said datagram and passing said 
datagram to said external network for routing and delivery to said external device" is met 
inherently by Awadallah et al on column 3, lines 61-67 and column 4, lines 1-4. 
Awadallah et al however does not disclose the limitation discussed below. This however 
is met by Stevens as shown below. 

The limitation "and if said destination port address is included in said list of selected 
process-specific port addresses, and said destination port address is bound to a local IP 
address, performing normal address translation upon said datagram and passing said 
datagram to said external network; and if said destination port address is not bound to a 
local IP address on said LAN, modifying said source IP address of said datagram to be
said external IP address of said gateway, binding said destination port address to the local 
IP address of said local device and creating an association between said destination port 
address and the external IP address of said external device, and passing said datagram to 
said external network for routing and delivery to said external device without translating 
said port addresses of said datagram" is met by Stevens on Section 3.3, page 37, 38, 1st
paragraph. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Stevens within the system of Awadallah et al 
because the IP routing procedure is a basic routing procedure performed by a 
router/gateway to a host that is either within a LAN or that needs to be reached outside of 
the LAN. 

With respect to Claims 20 and 21, the limitation of "in which said list of selected
process-specific port addresses to which datagrams can be passed without translating their port
addresses comprises port 500" is met by Awadallah on column 5, lines 35-52 and on 
column 3, lines 48-56. 

Claims 9, 11, 12, 14, 15, 17 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Awadallah et al (6449251 B1) in view of Stevens (TCP/IP Illustrated) in further view of
Boden et al (6615357 B1).




With respect to Claim 9, all the limitations are met by the combination of Awadallah and
Stevens except the limitation disclosed below.

The limitation "determining whether said datagram is encrypted and, if said datagram 
is encrypted, determining whether the SPI in said datagram is recorded in the SPI - Out 
field of one of said plurality of internal tables and, if said SPI is recorded in said SPI - 
Out field of said internal table, modifying the source IP address to be the external IP 
address of said gateway and passing said datagram to said external network for routing 
and delivery to said external device, and if said SPI is not recorded in said SPI - Out 
field of said internal table, setting said SPI - Out field corresponding to the IP address 
of said external device equal to said SPI and setting the SPI - In field of said internal 
table to zero, modifying said source IP address to be said external IP address of said 
gateway, and passing said datagram to said external network for routing and delivery 
to said external device" is met inherently by Boden on column 1, lines 55-59 and on 
column 3, lines 49-56. 

It would have been obvious to one of ordinary skill in the art to combine the teachings 
of Boden within the combination of Awadallah and Stevens because the use of SPI 
values is necessary to the correct operation of a gateway managing multiple 
connections. 

With respect to Claim 11, all the limitations are met by the combination of Awadallah et
al and Stevens. The limitation disclosed below is met by Boden.

The limitation "determining whether the SPI in said datagram is recorded in the SPI -
In field of one of said plurality of internal tables and, if said SPI is recorded in said 
SPI - In field of said internal table, modifying the destination IP address to be the local 
IP address of said local device and passing said datagram to said LAN for routing and 
delivery to said local device, and if said SPI is not recorded in said SPI - In field of 
said internal table, determining whether said SPI - In field corresponding to the IP
address of said external device is zero, and if said SPI - In field is not zero, discarding
said datagram, and if said SPI - In field is equal to zero, modifying said SPI - In field 
to be said SPI, modifying said destination IP address to be said local IP address of said 
local device, and passing said datagram to said LAN for routing and delivery to said 
local device" is inherently met by Boden in column 1, lines 55-59 and in column 3, 
lines 49-56. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Boden within the combination of Awadallah and 
Stevens because the use of SPI values is necessary to the correct operation of a gateway 
managing multiple connections. 

With respect to Claim 12, the limitation "the steps of starting a timer whenever a 
selected process-specific port address becomes bound to said local IP address of said 
local device, resetting said timer whenever said destination port address has
become released, and sending a signal whenever said timer is active and a
predetermined length of time has expired from the time said timer was started" is met
by Awadallah et al on column 6, lines 65-67 and column 7, lines 1-4. 

With respect to Claim 14, the limitation "in which said external network is the
internet" is met by Awadallah on column 1, lines 29-31. 

With respect to Claims 15 and 17, all the limitations are met by the combination of
Awadallah and Stevens.

The limitation "in which said LAN is a virtual private network" is met by Boden on 
column 1, lines 24-25. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Boden within the combination of Awadallah 
and Stevens because a VPN is a well-known form of implementation of a LAN in the 
art. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tracey Akpati whose telephone number is 571-272-3846. The 
examiner can normally be reached on 8.30am-6.00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



